BeyondTrust Gains Access to Anthropic's Restricted Frontier Model to Hunt Flaws in Its Own Code

BeyondTrust has been selected for Project Glasswing, Anthropic's programme to secure the world's most critical software, and will use the restricted frontier model Claude Mythos Preview to find and fix security flaws across its own products. The selection places the company among a small group of vendors whose code sits inside global commerce, government, healthcare, and essential services, and grants it access to a model Anthropic has chosen not to release publicly on cybersecurity grounds.

The model will be pointed at BeyondTrust's product portfolio and its Pathfinder Platform, the architecture that secures privilege for human, machine, and agentic identities across endpoints, cloud, and on-premise environments. Across the wider programme, Claude Mythos Preview has already helped partners surface more than 10,000 high and critical severity vulnerabilities, a figure that signals how much defensive ground a frontier model can cover when aimed at code that adversaries are also studying.

A Security Vendor Is Now a Target Worth Breaking

What makes the arrangement consequential is the kind of company BeyondTrust is. It sells identity and privilege security, the controls that decide who and what can reach sensitive systems. That software runs inside critical infrastructure, which makes a flaw in BeyondTrust's own code unusually valuable to an attacker.

A vendor that secures privilege for thousands of organisations is itself a target worth breaking, and the programme is an attempt to close that gap before someone else finds it.

“Millions of the world's most important workloads are protected by privilege controls that we build and maintain. That is a responsibility we take seriously,” said Janine Seebeck, Chief Executive Officer, BeyondTrust. “As AI changes both software development and cyber defence, the organisations responsible for securing critical infrastructure must continuously raise the bar. Project Glasswing allows us to do exactly that by continuing to strengthen the security and resilience of the software our customers rely on to protect all human, machine, and agentic identities.”

The Window Between Discovery and Attack Has Collapsed

The deal reflects a shift in the economics of attack and defence. As AI accelerates both software development and software exploitation, the window between a vulnerability being discovered and being weaponised has collapsed from months to seconds.

When attackers can use AI to find and exploit a flaw almost instantly, defenders need a model of comparable capability working the other side, and access to Mythos is essentially BeyondTrust arming itself with a frontier tool to match offensive use of the same class of technology.

AI Agents Are the Next Class of Privileged Identity to Secure

The threat is also changing shape, and BeyondTrust's argument points to where it is heading next. AI agents are now one of the fastest-growing and least-governed classes of privileged identity, often operating with access to sensitive systems, data, and business processes.

They sit alongside human administrators, service accounts, and workload identities as attractive targets, which is why the company treats securing autonomous, AI-driven access as the next frontier of privilege security rather than a side concern.

“The threats ahead are bigger than any one vendor, and the response has to be shared,” said Marc Maiffret, Chief Technology Officer, BeyondTrust. “We are honoured to stand with Anthropic and the other members of Project Glasswing, applying Mythos to our own code to further strengthen the security of the products our customers depend on, and doing our part in a defence no one can mount alone.”

BeyondTrust is the global leader in privilege-centric identity security, protecting Paths to Privilege, and is trusted by more than 20,000 customers, including 75 of the Fortune 100. For operators of critical infrastructure, the company argues, resilience increasingly depends on securing the privileges that connect every user, system, application, and AI-driven process, the perimeter where access is granted and where attacks now concentrate.